Automotive cyber-physical systems (CPS) encompass nearly every research challenge offered by high-confidence computing. To scope this position paper, I will focus on open research questions in the design and assurance of fault-tolerant, real-time automotive communication buses. An example of a fault-tolerant automotive bus in development today is FlexRay™, and a variety of fault-tolerant buses are being researched and developed for avionics systems [4]. Such buses provide the intra-vehicle communications network for the most safety-critical applications, such as drive-by-wire, brake-by-wire, and throttle-by-wire systems. That said, I consider bus architectures in this paper broadly: this includes the buses themselves, bus interface units, and the interacting processing units driving the sensors, actuators, and other CPS applications.

In the following, I describe three broad research agendas I believe to be paramount to the success of high-confidence CPS. The first of these is a community effort to specify and build an open bus architecture to act as a springboard for future research efforts. The second describes research challenges in formally specifying and verifying bus architectures for automotive CPSes. The safety-critical and security-critical nature of these systems, coupled with their complexity and multiple layers of abstraction, suggests that mathematically rigorous specification and verification is necessary to have confidence in their correctness. Finally, I describe the research challenges in building bus architectures that integrate applications while at the same time providing the needed partitioning between them.